The present invention relates to methods and devices for securing keys when key-management processes are subverted by an adversary, with applications to distributed environments.
A trend in modern computer networking, web-, and cloud-computing, is to rely on public, group, shared, or virtualized resources. The IT (information technology) marketplace offers public, private, and hybrid solutions for “virtualization” and “cloud computing.” Such a growing trend is occurring at many levels: infrastructure, platform, and software.
A recurring problem hampering such solutions is the fact that “networked,” “virtualized,” and/or “cloud” solutions are by their very nature non-secured and distributed. The resources may be physically owned by different entities other than the users, or may be shared among multiple users (having existing security, privacy, and trust concerns). This may occur within one legal entity or among different entities.
For example, a file may be saved in a network “storage cloud.” Since the storage cloud is a shared resource, a user is entrusting his/her data to a resource that is routinely accessed by many other users, over which the user has no control at all.
All modem computing systems share a concern that malicious attackers may breach the security of an environment and obtain some of its secrets. This general concern is even greater in public, group, virtualized or network-accessible environments—since the scope for an attacker to enter the system is commensurately greater.
Of course, one solution for the security-conscious consumer is to avoid shared resources altogether. However, such an option is an unpleasant choice for the user, since modern shared resources provide many economic, operational, and technical benefits.
It would be desirable to have methods and devices for securing keys when key-management processes are subverted by an adversary. Such methods and devices would, inter alia, overcome the limitations mentioned above.